Skip to content

Add anonymizing of user applications feature#4702

Open
wes-otf wants to merge 20 commits intomainfrom
feature/clean_user_pii
Open

Add anonymizing of user applications feature#4702
wes-otf wants to merge 20 commits intomainfrom
feature/clean_user_pii

Conversation

@wes-otf
Copy link
Copy Markdown
Contributor

@wes-otf wes-otf commented Feb 17, 2026
edited by frjo
Loading

Would close #3441. Adds a new AnonymizedSubmission model that only contains minimal, non-PII datapoints. Also adds UI features for staff to select whether a user's application(s) should be deleted or converted to skeletoned/anonymized application.

The todos:

  • Implement AnonymizedSubmission model & creation methods
  • Handle manual individual submission deletions
  • Handle manual bulk submission deletions/anonymization
  • Handle submissions with individual user deletions
  • Handle submissions with bulk user deletions
  • Include anonymized submissions in the results dashboard
  • Add unit tests for new functionality

Test Steps

@wes-otf wes-otf force-pushed the feature/clean_user_pii branch 3 times, most recently from b389175 to 0bc0caf Compare March 3, 2026 15:48
@wes-otf wes-otf force-pushed the feature/clean_user_pii branch 2 times, most recently from 9ae8d11 to 30b37bd Compare March 18, 2026 19:57
@wes-otf wes-otf requested a review from frjo March 18, 2026 19:58
@wes-otf
Copy link
Copy Markdown
Contributor Author

wes-otf commented Mar 18, 2026
edited
Loading

@frjo I'm going to add a unit test for the results view, some docs & do a final look over but it should be ready for review if you wanted to take a look before that

wes-otf
wes-otf commented Mar 18, 2026
View reviewed changes
Comment thread hypha/apply/funds/views/results.py Outdated
SubmissionSkeletonFilter.declared_filters
)
if not set(self.request.GET) & set(non_skeleton_fields):
skeleton_qs = SubmissionSkeletonFilter(
Copy link
Copy Markdown
Contributor Author

@wes-otf wes-otf Mar 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

somewhat of a hacky solution to managing 2 models with one FilterView but seems to work?

Copy link
Copy Markdown
Contributor Author

@wes-otf wes-otf Mar 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems like the # of SQL queries shoots up though so might need some optimizing

@wes-otf wes-otf marked this pull request as ready for review March 19, 2026 16:09
@wes-otf wes-otf changed the title WIP: Add "skeletoning"/anonymizing of user applications Add "skeletoning"/anonymizing of user applications Mar 19, 2026
@frjo frjo added Type: Feature This is something new (not an enhancement of an existing thing). Type: Minor Minor change, used in release drafter labels Apr 3, 2026
@frjo frjo force-pushed the feature/clean_user_pii branch from 30b37bd to a5e160a Compare April 13, 2026 13:51
@frjo
Copy link
Copy Markdown
Member

frjo commented Apr 13, 2026

@wes-otf I rebased this with main to solve a small merge conflict.

@frjo
Copy link
Copy Markdown
Member

frjo commented Apr 13, 2026

@wes-otf When I was testing this I realised we have some existing issues with deleted/archive. When I started with fixing that more things followed as you can see in the PR now 😄.

  • The backend is nearly untouched. This part seems to works really well!
  • The wagtail admin part is nearly untouched as well, only added some classes for margins etc.

My changes:

  1. Renamed everything skeleton -> anonymize, makes it easier to read the code I believe.
  2. Added some tests.
  3. Added "Anonymise" button in "MORE ACTIONS" section on submission detail. Anonymise also has its own confirm modal now.
  4. Moved "Delete" button to "MORE ACTIONS" section for staff as well. I think this makes more sense.
  5. Reverted changes to SubmissionDeleteView since they are not used any more.

@frjo
Copy link
Copy Markdown
Member

frjo commented Apr 13, 2026

The batch functions on submission/all only have a simple js alert while the same functions for a single submission has a nice modal. That is not logical. Will fix that in a separate PR.

frjo
frjo requested changes Apr 14, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@frjo frjo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This works very well in my testing, the backend seems solid. The anonymised submission has very little information left since all form_data is deleted. The feature talk about removing PII info, some might be surprised that almost nothing besides the value remain.

Maybe this can be communicated better?

@frjo frjo changed the title Add "skeletoning"/anonymizing of user applications Add anonymizing of user applications feature Apr 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@frjo frjo frjo requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

Type: Feature This is something new (not an enhancement of an existing thing). Type: Minor Minor change, used in release drafter

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Deactivate and anonymise user accounts

2 participants

@wes-otf @frjo